17 matches found

Positive Technologies
added 2026/05/25 12:0 a.m., 9 views

PT-2026-42982

A vulnerability was found in SourceCodester Indian Invoicing System 1.0. This issue affects some unknown processing of the file /Invoicing/IGST Invoice.php of the component Invoice Generation Handler. Performing a manipulation of the argument customer name/category results in sql injection. The...

6.5 CVSS, 6.4 AI score, 0.00031 EPSS
Exploits: 0, References: 5
CNNVD
added 2026/05/25 12:0 a.m., 3 views

SourceCodester Indian Invoicing System SQL Injection Vulnerability

SourceCodester Indian Invoicing System is a SourceCodester open source Indian invoicing system. SourceCodester Indian Invoicing System version 1.0 suffers from a SQL injection vulnerability that stems from the Invoice Generation Handler component's manipulation of the parameter...

6.5 CVSS, 6.6 AI score, 0.00031 EPSS
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-21952

Malicious code in bioql PyPI...

5.3 CVSS, 6.4 AI score, 0.00213 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2025/07/21 5:44 a.m., 4 views

CVE-2025-6721

The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkv_vchasno_kasa_wc_do_metabox_action function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrar...

5.3 CVSS, 6.5 AI score, 0.00213 EPSS
Exploits: 0, References: 1
NVD
added 2025/07/19 6:15 a.m., 2 views

CVE-2025-6721

The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkv_vchasno_kasa_wc_do_metabox_action function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrar...

5.3 CVSS, 0.00213 EPSS
Exploits: 0, References: 3
Cvelist
added 2025/07/19 5:32 a.m., 8 views

CVE-2025-6721 Vchasno Kasa <= 1.0.3 - Missing Authorization to Unauthenticated Invoice Generation

The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkv_vchasno_kasa_wc_do_metabox_action function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrar...

5.3 CVSS, 0.00213 EPSS
Exploits: 0, References: 3
CVE
added 2025/07/19 5:32 a.m., 20 views

CVE-2025-6721

The CVE-2025-6721 affects the Vchasno Kasa WordPress plugin (MORKVA Vchasno Kasa Integration) up to version 1.0.3. Root cause: missing capability check in the mrkv_vchasno_kasa_wc_do_metabox_action() function, enabling unauthenticated users to generate invoices for arbitrary orders. This is an un...

5.3 CVSS, 6.6 AI score, 0.00213 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/07/19 5:32 a.m., 8 views

CVE-2025-6721 Vchasno Kasa <= 1.0.3 - Missing Authorization to Unauthenticated Invoice Generation

The Vchasno Kasa plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the mrkv_vchasno_kasa_wc_do_metabox_action function in all versions up to, and including, 1.0.3. This makes it possible for unauthenticated attackers to generate invoices for arbitrar...

5.3 CVSS, 7.1 AI score, 0.00213 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/07/19 12:0 a.m., 1 views

WordPress plugin Vchasno Kasa Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security...

5.3 CVSS, 6.5 AI score, 0.00213 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2025/03/20 4:2 p.m., 7 views

CVE-2024-44313

TastyIgniter 3.7.6 contains an Incorrect Access Control vulnerability in the invoice function within Orders.php which allows unauthorized users to access and generate invoices due to missing permission checks...

8.1 CVSS, 6.8 AI score, 0.0124 EPSS
Exploits: 2, References: 1
CVE
added 2025/03/18 12:0 a.m., 51 views

CVE-2024-44313

Summary: CVE-2024-44313 affects TastyIgniter 3.7.6. An Incorrect Access Control flaw in the invoice() function of Orders.php allows unauthorized users to access and generate invoices due to missing permission checks. What’s affected: TastyIgniter 3.7.6; vulnerable component: app/admin/controllers...

8.1 CVSS, 6.5 AI score, 0.0124 EPSS
Exploits: 2, References: 2, Affected Software: 1
RedhatCVE
added 2021/05/11 8:55 p.m., 35 views

CVE-2021-28678

A flaw was found in python-pillow. BlpImagePlugin did not properly check that reads after jumping to file offsets returned data. This could lead to a denial-of-service where the decoder could be run a large number of times on empty data. Mitigation: To mitigate this feature on Red Hat Quay keep th...

7.5 CVSS, 0.8 AI score, 0.0011 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2021/05/11 8:55 p.m., 43 views

CVE-2021-25288

There is an out-of-bounds read in J2kDecode in j2ku_gray_i. For J2k images with multiple bands, it’s legal to have different widths for each band, e.g. 1 byte for L, 4 bytes for A. Mitigation: To mitigate this feature on Red Hat Quay keep the invoice generation feature disabled, as it is by default...

9.1 CVSS, 1.2 AI score, 0.00267 EPSS
Exploits: 0, References: 3
Hacker One
added 2021/03/10 12:15 a.m., 36 views

Stripe: Verifying email bypass

A vulnerability was discovered in Stripe's Connect API that allowed an attacker to create an account without verifying the email address. This allowed the attacker to impersonate a real company and generate invoices and payments on their behalf. The invoices appeared valid as they were sent by...

7 AI score
Exploits: 0
RedhatCVE
added 2021/03/03 5:39 p.m., 29 views

CVE-2021-25291

A flaw was found in python-pillow. Invalid tile boundaries could lead to an OOB Read in TiffReadRGBATile in TiffDecode.c. Mitigation: Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay...

7.5 CVSS, 1.9 AI score, 0.00459 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2021/03/03 5:4 p.m., 29 views

CVE-2021-25290

A flaw was found in python-pillow. In TiffDecode.c, there is a negative-offset memcpy with an invalid size which could lead to a system crash. Mitigation: Disable the invoice generation feature to mitigate this vulnerability in Red Hat Quay...

7.5 CVSS, 1.4 AI score, 0.00261 EPSS
Exploits: 0, References: 3
exploitpack
added 2010/06/28 12:0 a.m., 24 views

Netartmedia iBoutique.MALL - SQL Injection

Netartmedia iBoutique.MALL - SQL Injection Name : Netartmedia iBoutique.MALL SQLi Vulnerability Date : june, 28 2010 Critical Level : HIGH Vendor Url : http://www.netartmedia.net/mall/ Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd...

0.9 AI score
Exploits: 0